package com.einmeer.sercuritydemo.controller;

import com.einmeer.sercuritydemo.entity.User;
import com.einmeer.sercuritydemo.service.UserService;
import jakarta.annotation.Resource;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

/**
 * @author 芊嵛
 * @date 2024/3/1
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @Resource
    public UserService userService;

    /**
     * 查询表中所有信息
     *
     * @return
     */
    @PreAuthorize("hasRole('ADMIN') and authentication.name == 'admin'")   // 授权方式三：方法注解,带判断的，可以不写后面
    @GetMapping("/list")
    public List<User> getList() {
        return userService.list();
    }

    /**
     * 添加一条信息
     *
     * @param user
     */
//    @PreAuthorize("hasRole('USER')")   // 授权方式三：方法注解
    @PreAuthorize("hasAuthority('USER_ADD')")
    @PostMapping("/add")
    public void add(@RequestBody User user) {
        userService.saveUserDetails(user);
    }
}
